Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Funny article

From: Frank Knobbe <frank () knobbe us>
Date: Thu, 13 Nov 2003 10:08:13 -0600
On Thu, 2003-11-13 at 08:41, Volker Tanger wrote:

Ideally the Apache exe should be running as an unpriviledged user. but
then, ideally the IIS server should be running as an unpriviledged
user too....


Well, running a kernel task is a bit difficult to do unprivileged...
*SCNR*  


I don't understand this comment at all. Ideally IIS should be running as
an unpriviledged user, like in the good ole IIS 3 days. Back then the
service was running under a user account so even if the IIS service got
hijacked through a BO, you still had to hack your way to privileges. No
immediate SYSTEM there.

The reason IIS4+ runs as SYSTEM appears to be to gain performance. I
guess running IIS as a kernel module and having less context switches
does do well for performance (like an Apache LKM), but unfortunately not
for security.

What specific kernel task were you referring to?

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: